Eh/dZddlmZdZddgZddlejddk(rejddk(rddldd l Z dd l m Z m Z m Z dd lmZGd dZd ZdZdZddZy )aRSA digital signature protocol with appendix according to PKCS#1 PSS. See RFC3447__ or the `original RSA Labs specification`__. This scheme is more properly called ``RSASSA-PSS``. For example, a sender may authenticate a message using SHA-1 and PSS like this: >>> from Crypto.Signature import PKCS1_PSS >>> from Crypto.Hash import SHA >>> from Crypto.PublicKey import RSA >>> from Crypto import Random >>> >>> message = 'To be signed' >>> key = RSA.importKey(open('privkey.der').read()) >>> h = SHA.new() >>> h.update(message) >>> signer = PKCS1_PSS.new(key) >>> signature = PKCS1_PSS.sign(key) At the receiver side, verification can be done like using the public part of the RSA key: >>> key = RSA.importKey(open('pubkey.der').read()) >>> h = SHA.new() >>> h.update(message) >>> verifier = PKCS1_PSS.new(key) >>> if verifier.verify(h, signature): >>> print "The signature is authentic." >>> else: >>> print "The signature is not authentic." :undocumented: __revision__, __package__ .. __: http://www.ietf.org/rfc/rfc3447.txt .. __: http://www.rsa.com/rsalabs/node.asp?id=2125 ) nested_scopesz$Id$new PSS_SigScheme)*N) ceil_shiftceil_div long_to_bytes)strxorc(eZdZdZdZdZdZdZy)rzKThis signature scheme can perform PKCS#1 PSS RSA signature or verification.c.||_||_||_y)a!Initialize this PKCS#1 PSS signature scheme object. :Parameters: key : an RSA key object If a private half is given, both signature and verification are possible. If a public half is given, only verification is possible. mgfunc : callable A mask generation function that accepts two parameters: a string to use as seed, and the lenth of the mask to generate, in bytes. saltLen : int Length of the salt, in bytes. N)_key_saltLen_mgfunc)selfkeymgfuncsaltLens [/var/www/html/bid_assistant/venv/lib/python3.12/site-packages/Crypto/Signature/PKCS1_PSS.py__init__zPSS_SigScheme.__init__Os   c6|jjS)zCReturn True if this cipher object can be used for signing messages.)r has_private)rs rcan_signzPSS_SigScheme.can_sign`syy$$&&rc|jj}|jdk(r j}n |j}|jr |j}nfd}t j jj|jj}t|d}t|dz |||}|jj|}td|t|z z|z} | S)aBProduce the PKCS#1 PSS signature of a message. This function is named ``RSASSA-PSS-SIGN``, and is specified in section 8.1.1 of RFC3447. :Parameters: mhash : hash object The hash that was carried out over the message. This is an object belonging to the `Crypto.Hash` module. :Return: The PSS signature encoded as a string. :Raise ValueError: If the RSA key length is not sufficiently long to deal with the given hash algorithm. :Raise TypeError: If the RSA key has no private half. :attention: Modify the salt length and the mask generation function only if you know what you are doing. The receiver must use the same parameters too. Nct||SNMGF1xymhashs rz$PSS_SigScheme.sign..sQqrrr)r _randfuncr digest_sizerCryptoUtilnumbersizenr EMSA_PSS_ENCODEdecryptbchrlen) rr$randfuncsLenmgfmodBitskemmSs ` rsignzPSS_SigScheme.signds099&& ==D $$D==D <<,,C/S++$$))$))++6 WQ  UGAIxd C II  b ! J#a& !A %rc|jdk(r j}n |j}|jr |j}nfd}tjj j |jj}t|d}t||k7ry|jj|dd}t|dz d}td|t|z z|z} t||dz ||} | S#t$rYywxYw)aVerify that a certain PKCS#1 PSS signature is authentic. This function checks if the party holding the private half of the given RSA key has really signed the message. This function is called ``RSASSA-PSS-VERIFY``, and is specified in section 8.1.2 of RFC3447. :Parameters: mhash : hash object The hash that was carried out over the message. This is an object belonging to the `Crypto.Hash` module. S : string The signature that needs to be validated. :Return: True if verification is correct. False otherwise. Nct||Srrr!s rr%z&PSS_SigScheme.verify..stAarr&Frr)rr(rr)r*r+r,rr-r r1encryptr0EMSA_PSS_VERIFY ValueError) rr$r9r3r4r5r6r7emLenresults ` rverifyzPSS_SigScheme.verifys* ==D $$D==D <<,,C.C++$$))$))++6 WQ  q6Q; YY  q! $Q '1% $Zs2w '" , $UB 3EF   s,D D  D N)__name__ __module__ __qualname____doc__rrr:rBrrrrLsU"'.`3rctd}tt||jD]3}t |d}||j ||zj z}5t||k\sJ|d|S)z,Mask Generation Function, described in B.2.1N)bxranger r(r rdigestr1)mgfSeedmaskLenhashTcountercs rr r sv "A(7D,<,<=>/ '1 % 1%,,. ./ q67?? Xg;rczt|d}d}td|z|z D] }|dz dz} ||j|zdzkr tdt d}|r |dkDr||}|j t ddz|jz|z} t d||z |jz dz zt dz|z} || j||jz dz } t| | } t t| d|z| ddz} | | jzt d z} | S) a% Implement the ``EMSA-PSS-ENCODE`` function, as defined in PKCS#1 v2.1 (RFC3447, 9.1.1). The original ``EMSA-PSS-ENCODE`` actually accepts the message ``M`` as input, and hash it internally. Here, we expect that the message has already been hashed instead. :Parameters: mhash : hash object The hash object that holds the digest of the message being signed. emBits : int Maximum length of the final encoding, in bits. randFunc : callable An RNG function that accepts as only parameter an int, and returns a string of random bytes, to be used as salt. mgf : callable A mask generation function that accepts two parameters: a string to use as seed, and the lenth of the mask to generate, in bytes. sLen : int Length of the salt, in bytes. :Return: An ``emLen`` byte long string that encodes the hash (with ``emLen = \ceil(emBits/8)``). :Raise ValueError: When digest or salt length are too big. r&rrrz6Digest or salt length are too long for given key size.rIN) r rLr(r?rKrr0rMr bord)r$emBitsrandFuncr4r3r@lmaskisalthdbdbMaskmaskedDBr7s rr.r.sH< VA E E AeGFN # q4  u  %a''QRR R5DDF~ $t*Q,/$67A dU4Z 1 11!3 4tDz AD HB U5#4#44Q6 7Fb HD!%./(12,>H AHHJ d +B Irct|d}d}td|z|z D] }|dz dz} ||j|zdzkryt|ddd k7ry|d||jz dz }|||jz dz d} |t |dzry|| ||jz dz } t || } t t | d|z| ddz} | jt d||jz |z dz zt dzsytd } |r| | d} |jt ddz|jz| zj} | | k7ryy ) a Implement the ``EMSA-PSS-VERIFY`` function, as defined in PKCS#1 v2.1 (RFC3447, 9.1.2). ``EMSA-PSS-VERIFY`` actually accepts the message ``M`` as input, and hash it internally. Here, we expect that the message has already been hashed instead. :Parameters: mhash : hash object The hash object that holds the digest of the message to be verified. em : string The signature to verify, therefore proving that the sender really signed the message that was received. emBits : int Length of the final encoding (em), in bits. mgf : callable A mask generation function that accepts two parameters: a string to use as seed, and the lenth of the mask to generate, in bytes. sLen : int Length of the salt, in bytes. :Return: 0 if the encoding is consistent, 1 if it is inconsistent. :Raise ValueError: When digest or salt length are too big. r&rrrUrFNrVrIT) r rLr(ordrWr r0 startswithrKrrM)r$r7rXr4r3r@rZr[r`r]r_r^r\hps rr>r> s: VA E E AeGFN # q4  u  %a'' 2bc7|T,5***1,-H 5"" "1 $R(A tBqE{ E%+++A- .F & !B d2a5kUF" #bf ,B ==dU5+<+<%rrGrrrpsz.%R% ? $#A! 0 0 3q 8(BB%{{z9vBH/r